As the title says, I have 1000mb audio files in my app (which has a media player ability also). I don't need a 100% protection. All I need is that when user downloads these audio files from the web, only my app could be able to find on open these files and if a normal user shares these files they couldn't open it.
I know a dedicated user or hacker can easily access the main files, all I need is a simple primitive protection from a ordinary user.
What is the best way to do this? Any suggestions or examples would be appreciated.
Thanks a lot
Store those audio in folder named '.nomedia' without quotes.
OR
Use custom file extentions and and save those files using Serialization
To save object to file you need serialization.
You can choose whatever file extension we like e.g. .car.
You can simple encrypt the header of the file not entire file, Your app will decrypt that header before playing it. You only need to encrypt few bytes so there is no performance issue.
Related
I created a music app with my own music files. I placed all sound files in raw folder which is not secure. People just rename the .apk with .zip and started stealing my music file and they started coming with their own clones.
How can I secure raw folder?
It seems like due to the nature of the Android .apk, resources are ultimately ex-tractable. Though you can prevent common methods like .zip using encryption, but the encryption key will need to be somewhere else in the application. Then you get to the secondary problem of attempting to hide that key. Alternatively you could use a web server to stream the music or send key for the encryption.
Protecting code in android asset files
How to secure the android assets folder from hackers
https://stackoverflow.com/a/5275702/5686611
The best thing I'd recommend is using a server to stream your music to the application. There are a lot of workarounds if you keep the data locally on android. Use a server, you'll be good to go.
I have created an Android Application, in that I am playing and downloading audio file from server. So when user download audio file from server he/she can't show that file in File Manager or any other media player like Gaana app.
How to make it possible?
Thanks,
Sagar.
You can save the files in Internal Storage Area. These files would be private to your app only.
Using getFilesDir() on any context provides absolute path to the filesystem directory where your internal files are saved. There in you can create directory. For more information refer here
You can use few approaches:
Download files into the private application's directory. No other apps will have access to those files. Pros of this approach is that is is the easiest way. Cons is that the inner storage might be limited in the device.
Download files saving them with incorrect file extensions. Pros: easy to implement, can save anywhere. Cons: files can be accessed, copied and renamed by any other app.
The same way as 2nd approach, but add some encryption to the files, so nobody except you can use them. This approach might require on-the-fly decryption.
I am writing an app for my final year project, so it's more so for proof of concept so it doesn't have to be the best app in the world.
It is like a file locker app that you can add and remove files from the app and when they are stored they will be encrypted. There will be a login of some sort for the user to enter and be verified on a DB.
I am still a novice in android so I still have a way to go, but I am getting there!
I was thinking when the file (which could be a doc, pdf, jpg, video file etc) is added to the app it would be stored in the internal storage (from what I have read it seems to be the best place to store app related content) and a record of the name and file type would be added to the DB and also the encrypted file name. So when the user looks at the app they will see a thumbnail of the pic and the file name, kinda like the My Files app shows up files within a folder.
My question is it best not to store the file directly into the DB but just use the DB as a reference with the file details, if so how could this be done?
Also I was thinking that an AES 128bit encryption method would be best suited for this. I have tried a couple of encryption examples but have only been able to do this with a txt file, when i tried it with a jpg the app just sat there and did nothing. It showed the encrypted and decrypted jpg but this was not viewable.
Would anyone be able to suggest a good way of encrypting any file type that would suit for my app?
Any help would be greatly appreciated!
Cheers,
Owen
If you want to do this properly, here are a few tips:
Don't store files in the database, unless you know in advance that they're going to be really titchy. Store them somewhere else, with a reference to them in the database.
The best place for them if they're smallish is internal storage in the app's private file space. But if you want to be able to store encrypted arbitrary data then you'll need to hit external storage.
Don't store the decryption key!
Ideally, you should find a way not to write the file anywhere when you decrypt it. That might not be possible, though, if you need to open it in another application afterwards. If you write the encrypted files to external storage, you should at the very least write the decrypted version to internal storage where there's some operating system protection against other apps reading it. If you write the decrypted file to external storage, anything will be able to get at it.
AES with a 128-bit key will do you fine.
I have a android app which has a copyrighted mp3 track. I dont want users to see the mp3 that is stored in my app on music player.currently users are able to access the track using their default music player.
any lights on this issue?
Add a .nomedia file in the audio track directory of your app.This avoids the files being listed in music player.
There are multiple possibilities, based upon your needs, pick one, or a combination:
1) An easy solution: Put the .mp3 in your private folder. NOTE: Rooted users are still able to play/copy the mp3 file.
2) Another Easy way: rename the .mp3 to something weird, so it will not get picked up by music players. E.g. your_file.aaa ... NOTE: Rooted Users who know this file is actually an .mp3 can rename it and play/copy it
3) Or, a bit more work, encrypt/decrypt the file. This tutorial can get you started. This is an option if you absolutely want to prevent users from playing/copying the .mp3 outside your app.
Convert your file to binary refer this and the encrypt it using something like base64 while saving. while fetching do th reverse
I have some audio files that my app is downloading, and due to the size of the files it would be nice if I could store them on the user's external storage. However I need them to remain private to my application. Is there any way to accomplish this?
Not literally.
You could encrypt them, but then you would have to handle the playing yourself, in order to decrypt them (or play some game like streaming them from a local "server" which decrypts them as it reads).
Realize also that even things within your .apk itself are accessible on most devices (you will need to use care in obfuscating the encryption key), and the contents of your app's private storage folder are readable on the multitude of rooted devices.
One simple suggestion would be to encrypt your file and then store it in external memory. This would keep the data safe and secured. Other application wont be able to access it. To accomplish this you need to convert the file into ByteStream. Then using encryption function encrypt it and store to external memory. Change the extension of your file to some user-defined extension like myExt and store all in certain folder. When you want to use those files in your application, decrypt it and use it. The encryption key will help you to securely protect data.
As per my knowledge this will prevent other application to access your information.